Security Vulnerabilities - CVEs Published In 2018
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2018-12-06
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVSS Score: 5.7
EPSS Score: 0.012
Published: 2018-12-06
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-12-06
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-12-06
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-12-06
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-12-06
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-12-06
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2018-12-06
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2018-12-06
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2018-12-06

